ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pradeep Agrawal <pradeepagrawal8...@gmail.com>
Subject Review Request 68185: RANGER-2168: Add service admin user through service config
Date Fri, 03 Aug 2018 10:55:18 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68185/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay Kulkarni, Madhan
Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.


Bugs: RANGER-2168
    https://issues.apache.org/jira/browse/RANGER-2168


Repository: ranger


Description
-------

Patch committed from RR https://reviews.apache.org/r/68096 is having one issue.
When keyadmin user is added as service admin user in kms service then he can't view the kms
policy.
Issue was not there in First patch of RR 68096 but got introduced in second patch.

Note : If User role user is a Service Admin user in KMS Service then he can't view the KMS
service dashboard but can create/update/delete/view KMS policy from curl.

If Keyadmin role user is a Service Admin user in NON KMS Service then he can't do any operation
in the policies of that service.


If Admin role user is a Service Admin user in KMS Service then he can do any operation in
the policies of that service from curl but can't view the KMS service


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java c116ea289 


Diff: https://reviews.apache.org/r/68185/diff/1/


Testing
-------

Tested following use cases:

USER ROLE | IS Service Admin User

USER | TRUE
USER | FALSE
ADMIN | TRUE
ADMIN | FALSE
KEYADMIN | TRUE
KEYADMIN | FALSE


Service Admin User ROLE | Service Type

USER | NON KMS
USER | KMS
ADMIN | NON KMS
ADMIN | KMS
KEYADMIN | NON KMS
KEYADMIN | KMS


Thanks,

Pradeep Agrawal


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message